package com.cpr.rwqd_sjjn.config;

import org.springframework.context.annotation.Bean;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.SecurityFilterChain;

@EnableWebSecurity
public class SecurityConfig {

    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }

    @Bean
    public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
        http
                .authorizeRequests(authorizeRequests ->
                        authorizeRequests
                                .antMatchers("/sendVerificationCode").permitAll() // 允许所有人访问
                                .antMatchers("/register").permitAll() // 允许所有人访问
//                                .antMatchers("/verifyemailcode").permitAll() // 允许所有人访问
//                                .antMatchers("/login-by-number-password").permitAll() // 允许所有人访问
//                                .antMatchers("/login-by-email-code").permitAll() // 允许所有人访问
//                                .antMatchers("/questions").permitAll() // 允许所有人访问
//                                .antMatchers("/questions/add").permitAll() // 允许所有人访问
//                                .anyRequest().authenticated() // 其他请求都需要认证
                )
                .csrf().disable() // 禁用CSRF保护，适用于API服务
                .cors().and(); // 启用CORS支持

        return http.build();
    }
}